-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2790-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2790 Issue date: 2018-09-25 CVE Names: CVE-2018-5390 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue. Bug Fix(es): * Previously, the early microcode updater in the kernel was trying to perform a microcode update on virtualized guests. As a consequence, the virtualized guests sometimes mishandled the request to perform the microcode update and became unresponsive in the early boot stage. This update applies an upstream patch to avoid the early microcode update when running under a hypervisor. As a result, no kernel freezes appear in the described scenario. (BZ#1618386) 4. Solution: For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: kernel-3.10.0-327.73.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.73.1.el7.noarch.rpm kernel-doc-3.10.0-327.73.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-headers-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.73.1.el7.x86_64.rpm perf-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.2): Source: kernel-3.10.0-327.73.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.73.1.el7.noarch.rpm kernel-doc-3.10.0-327.73.1.el7.noarch.rpm ppc64le: kernel-3.10.0-327.73.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debug-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.73.1.el7.ppc64le.rpm kernel-devel-3.10.0-327.73.1.el7.ppc64le.rpm kernel-headers-3.10.0-327.73.1.el7.ppc64le.rpm kernel-tools-3.10.0-327.73.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-327.73.1.el7.ppc64le.rpm perf-3.10.0-327.73.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm python-perf-3.10.0-327.73.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-headers-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.73.1.el7.x86_64.rpm perf-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.2): Source: kernel-3.10.0-327.73.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.73.1.el7.noarch.rpm kernel-doc-3.10.0-327.73.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-headers-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.73.1.el7.x86_64.rpm perf-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.2): ppc64le: kernel-debug-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.73.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-327.73.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW6qcvtzjgjWX9erEAQiDsQ/7BETzPMxQja4EK5igMV57JOLK5GJ/MghC LSvARQ/99iCM8RzhcINPjvujtZ60ZtyRpAsgMJ5RQgFMVP5ZIWc3v5bK7aTE/W/R rJVuKYUenPZELmHBhWf9LHFVOOU2m/2gBVj0Cb2+0I3Q9AYCoCEpnZEHlY1rCLFD UBuGRd9eL+tUPvVOd+xkEe1Tl5iuiKoJuyAQR26OPGWshXSKBS5a/eaGZMlmUYGz g06soOA6Rc9tDfirES9KSvg8qIIYkBkmgMQdGp/KRin7UqGPZIK7A8RMxP6oRZvh tirsJG1iaDiBbiNHjb79umaLR4Z/zKhEJDlUQ36f3NxM3DE8tsdxY8vkOVi6kxVI 4UefoRbTtTO8Opd1NoRvvtqyqtWOyJjCPc+B7E8HUoEXjT0j5gIY5JaQp8EAS2DR LoYOOjg8gODwMlHZ9vDsF83SffHjHSicjJXdAOTgHq1i6OwjYT8uRfJYoUlVIM2b 7dcCp9aVYbcJiVcJM+ym7vpVQ/X/ehL11iXk8fM498Z6oAk2Cj2wz4twkQHpa63q 4pui+OgyLpha09NHgFqRYYubgrKKiXc3STQ1lv+55Y02IXiXkZVWWwcMy59onsgB 4DgxlZb+/M5cj61CVfGXmERU0f/jTIy8CCrIP2uyp5oFvfOmw6dM7LTu/i611Kkj brmSW7yutKI=MH0b -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce